Filter
Top Products
Administrator’s Guide - SoundPoint
®
IP / SoundStation
®
IP Features
Copyright © 2006 Polycom, Inc. 75
3.8.4 Configuration File Encryption
Confidential information stored in configuration files must be protected from attack or
unintentional discovery. This information could include registration passwords and
contact information. A separate SDK is provided to facilitate key generation and con-
figuration file encryption and decryption on a UNIX or Linux server.
The phone can recognize encrypted files, which it downloads from the boot server and
it can encrypt files before uploading them to the boot server. To do this, a key must be
stored on the phone. Configuration files (excluding the master configuration file), con-
tact directories, and configuration override files can all be encrypted. The phone will
still recognize unencrypted files and a combination of encrypted and unencrypted files
can be used on one phone.
If the phone doesn't have a key, it must be downloaded to the phone in plain text (a
potential security hole if not using HTTPS). If the phone already has a key, a new key
can be downloaded to the phone encrypted using the old key (refer to 2.2.3.1 Changing
the Key on the Phone on page 24). At a later date, new phones from the factory will
have a key pre-loaded in them that will be shared with trusted customers. This key will
be changed at regular intervals to enhance security.
Local
Web Server (if
enabled)
None.
Local Phone User
Interface
None.
Central
(boot
server)
Configuration File:
sip.cfg
Specify the phone-specific contact directory and the phone-
specific configuration override file.
• For more information, refer to section 4.6.1.20.1
Encryption <encryption/> on page 141.
Configuration file:
<device>.cfg
Change the encryption key.
• For more information, refer to section 2.2.2.1.1.3 Set-
ting Flash Parameters from Configuration Files on
page 16.
Local
Web Server (if
enabled)
None.
Local Phone User
Interface
None.